US9195846B2ActiveUtilityA1

Access grants

52
Assignee: KIRSHENBAUM EVAN RPriority: Oct 1, 2008Filed: Oct 1, 2008Granted: Nov 24, 2015
Est. expiryOct 1, 2028(~2.2 yrs left)· nominal 20-yr term from priority
G06F 21/6218
52
PatentIndex Score
0
Cited by
21
References
20
Claims

Abstract

Provided are, among other things, systems, methods, apparatuses and techniques for storing access grants. In one implementation, a blinding factor and access information for accessing a restricted object are obtained; blinded access information is generated for the restricted object based on the access information and the blinding factor; and an anchor node is stored into a data store, with the anchor node being accessible by submission of an identifier, the anchor node at least one of containing or referring to sufficient information to obtain access to the blinding factor and the blinded access information, and the identifier for the anchor node being independent of the blinding factor.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method of storing access grants, comprising;
 obtaining a blinding factor and access information for accessing a restricted object; 
 generating blinded access information for the restricted object based on the access information and the blinding factor; and 
 storing an anchor node into a data store, 
 wherein the anchor node is accessible by submission of an identifier, 
 wherein the anchor node at least one of contains or refers to sufficient information to obtain access to the blinding factor and the blinded access information, 
 wherein the identifier for the anchor node is independent of the blinding factor. 
 
     
     
       2. A method according to  claim 1 , wherein the sufficient information provides access to the blinding factor only in an encrypted form. 
     
     
       3. A method according to  claim 2 , wherein the encrypted form comprises data that includes the blinding factor and that has been encrypted using a public key associated with an intended grantee. 
     
     
       4. A method according to  claim 1 , wherein the identifier comprises a cryptographic hash of specified content within the anchor node. but wherein the specified content is less than all content within the anchor node. 
     
     
       5. A method according to  claim 1 , further comprising a step, performed prior to said storing, of querying the data store for presence of a stored object corresponding to the identifier, and wherein said storing is performed in response to a query reply that the data store previously did not include any such stored object. 
     
     
       6. A method according to  claim 1 , wherein the identifier is a specified function of secret information. 
     
     
       7. A method according to  claim 6 , wherein the secret information is shared among plural members of a trust domain. 
     
     
       8. A method according to  claim 6 , further comprising a step of using the secret information to generate identifiers of plural different anchor nodes in plural different access-grant sessions. 
     
     
       9. A method according to  claim 1 , wherein the identifier is a function of identification information for an intended grantee. 
     
     
       10. A method according to  claim 1 , wherein the blinding factor comprises a symmetric encryption/decryption key and the blinded access information is generated by using the symmetric encryption/decryption key to encrypt data that includes the access information. 
     
     
       11. A method according to  claim 1 , further comprising a step of repeating said storing step so as to store a plurality of anchor nodes that include blinded access information for a corresponding plurality of restricted objects, the blinded access information within each of the plurality of anchor nodes having been generated using the blinding factor. 
     
     
       12. A method according to  claim 11 , wherein the plurality of anchor nodes is stored within a hierarchical structure in the data store. 
     
     
       13. A method according to  claim 12 , wherein the hierarchical structure is a hash-based directed acyclic graph (HDAG). 
     
     
       14. A method according to  claim 12 , wherein the hierarchical structure is based on at least part of a second hierarchical structure in which the plurality of restricted objects is arranged. 
     
     
       15. A method according to  claim 12 , wherein said storing of the anchor node is performed as part of a process that comprises recursively checking for presence of lower-level structures of the plurality of anchor nodes within the data store, until presence of all required structures is verified. 
     
     
       16. A method according to  claim 1 , wherein the anchor node refers to an entry node that can be accessed using a key to obtain the blinded access information and information for obtaining the blinding factor. 
     
     
       17. A method according to  claim 16 , wherein the key is a function of identification information for the restricted object. 
     
     
       18. A method according to  claim 1 , wherein the access information can be derived from the blinded access information and the blinding factor. 
     
     
       19. A non-transitory computer-readable medium storing computer-executable process steps for storing access grants, said process steps comprising:
 obtaining a blinding factor and access information for accessing a restricted object; 
 generating blinded access information for the restricted object based on the access information and the blinding factor; and 
 storing an anchor node into a data store, 
 wherein the anchor node is accessible by submission of an identifier, 
 wherein the anchor node at least one of contains or refers to sufficient information to obtain access to the blinding factor and the blinded access information, 
 wherein the identifier for the anchor node is independent of the blinding factor. 
 
     
     
       20. An apparatus for storing access grants, comprising at least one hardware processor to:
 obtain a blinding factor and access information for accessing a restricted object; 
 generate blinded access information for the restricted object based on the access information and the blinding factor; and 
 store an anchor node into a data store, 
 wherein the anchor node is accessible by submission of an identifier, 
 wherein the anchor node at least one of contains or refers to sufficient information to obtain access to the blinding factor and the blinded access information, 
 wherein the identifier for the anchor node is independent of the blinding factor.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.